Five-year-old, Kristoffer Von Hassel, from San Diego exposed a major security flaw in Microsoft’s Xbox Live password system when he hacked into his dad’s account without the password. The young child managed to discover what no other adult or developer did in all these months the console has been widely popular. Accessing his father’s Xbox Live service not only allowed him to access all his father’s games but also provided him with the option to make purchases.
Kristoffer managed to enter into his father’s Xbox Live service when he discovered that entering the wrong password into the log-in screen prompts a second password verification screen, where all he had to do was simply press the space bar – to fill up the password field – and then the system let him gain access into the account.
The security glitch was discovered when Kristoffer’s parents noticed him playing games on the Xbox Live that he was not supposed to be playing as they could only be accessed by entering the password to his father’s account.
The parents of the five-year-old child asked him how he had managed to play those games, to which, Kristoffer showed his father, Robert Davies, how he had managed to hack into the Xbox Live account.
Speaking to a local news station KGTV, Kristoffer said that initially he had been delighted with his feat and went like “yea!” However, like any young child, once the sense of achievement subsided, he got nervous that his dad would discover what he had done. The five-year-old thought that his father’s Xbox would be stolen because he had unlocked the account by messing with the password.
On the other hand, Davies also said his first reaction had been of amusement as he thought it was “awesome” and “cool” that a five-year-old had been able to “find a vulnerability” to one of the most popular and talked about games in the world.
Davis said that this was not the first time that his son had managed to log into a password protected device. He said that when Kristoffer was one-year-old, he had managed to open a child-locked mobile phone by simply holding down the menu key.
Meanwhile, Microsoft has not only fixed the flaw but officially thanked the child and added his name in the list of recognized security researchers of the game. In a company statement, Microsoft said that they are always “listening” to their customers and the feedback they provide.
The company said the security issue had been fixed as soon as they learnt about it. Kristoffer’s name has also been added to the March security acknowledgements page that Microsoft has set up to thank people who discover flaws with any of their products.
As an added appreciation gesture, Microsoft has also presented five-year-old Kristoffer with four free games worth $50 and a year-long subscription to Xbox Live. Ironically, Davis works for a cyber security firm, which makes the incident of a five-year-old child hacking into his father’s Xbox Live account so much more amusing.
By Faryal Najeeb